Hi Yousif and all,

Please take my input with a grain of salt, as I'm still early in my career
and not as experienced with NuttX as others here. That said, here’s my take
on the topic:

I feel like I'm in a similar position. I'm part of a team building a
drone-like product that might require certification from a government
agency. In our case, it will likely be certification under DO-178C. But I'm
still very interested in NuttX because of its strict POSIX compliance
(though I’m not entirely sure how thoroughly that's validated). This
compliance allows me to ensure that an application built on NuttX can also
run on other POSIX-compliant RTOS, including some certified options.

Having a free and open-source RTOS with POSIX compliance enables me to
iterate and test our product quickly, while also reducing the upfront cost
of proving our product. Once we have more resources, the plan is to
transition to a certified RTOS for the parts requiring certification.

I’d be curious if others have explored a similar path in the past. If
anyone here has insights or knows someone who has, I’d be very interested
in connecting with them.

As others have mentioned, I would recommend validating your team's
requirements first, such as certification needs, and then assessing whether
NuttX can meet them—not the other way around. I wouldn’t be surprised if
there are specific nuances in the medical field requiring different
certifications depending on the device usage.

I hope this helps!

Cheers,
Ludovic Vanasse
ludovicvana...@gmail.com
+1(514) 475-0447


On Thu, Jan 2, 2025 at 11:38 PM Alan C. Assis <acas...@gmail.com> wrote:

> Hi Sebastien,
>
> Any certification applies only for a specific version of any system/RTOS
> and each vendor needs to do their own recertification.
>
> Also, it is important to know that a safety system could eventually fail,
> but it has ways to mitigate the failure, such as redundancy and a security
> fail-operational mode.
>
>
> https://curatepartners.com/blogs/skills-tools-platforms/understanding-safety-critical-systems-ensuring-reliability-and-safety-in-high-stakes-industries/
>
> So, nobody will die because of your contribution(s).
>
> BR,
>
> Alan
>
>
> On Thu, Jan 2, 2025 at 8:20 PM Sebastien Lorquet <sebast...@lorquet.fr>
> wrote:
>
>> Hello,
>> On 1/2/25 23:52, Alan C. Assis wrote:
>>
>> Hi Yousif,
>>
>> This is the kind of feedback we like to hear! Thank you for that!
>>
>> NuttX is used in many areas including critical real-time applications.
>> So, if your question is: Is NuttX safe enough to be used in medical
>> application, the answer is YES!
>>
>> NO. It is not, by design, and I am glad it is not; otherwise I would
>> freak out every night that someone could die because of my contributions.
>>
>> Apache licence here: https://www.apache.org/licenses/LICENSE-2.0 says:
>>
>> *7. Disclaimer of Warranty*. Unless required by applicable law or agreed
>> to in writing, Licensor provides the Work (and each Contributor provides
>> its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
>> ANY KIND, either express or implied, including, without limitation, any
>> warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or
>> FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for
>> determining the appropriateness of using or redistributing the Work and
>> assume any risks associated with Your exercise of permissions under this
>> License.
>>
>> So no, by license there is ABSOLUTELY NO GUARANTEE, not even
>> remotely.
>>
>>
>> It is used in drones, rockets (search for NuttX landing on the moon), robots,
>> smartwatches, appliances, cars, etc. Recently it received critical safety
>> application certification for automotive usage (I cannot say the company
>> name, but they will announce it soon).
>>
>> That is cool. A good point in the right direction; however, this is less
>> stringent than medical stuff.
>>
>>
>> https://developer.sony.com/posts/apache-nuttx-powers-worlds-smallest-lunar-robot-in-japans-historic-autonomous-lunar-exploration-mission
>>
>> I do not read that NuttX powered the flight computer, so it did not
>> land on the moon. To my knowledge, it selected pictures in a NuttX-powered
>> imaging payload. Correct me if I am wrong; it would be awesome to be proven
>> wrong, but it also reassures me that my contributions did not risk the fate
>> of a moon landing.
>>
>>
>> For sure there are medical devices using NuttX. How do I know that?
>> Because in 2021 an institute found issues in medical device RTOSes and
>> NuttX was included:
>> https://www.bfarm.de/SharedDocs/Risikoinformationen/Medizinprodukte/EN/vulnerabilities_realtime_os.html?nn=968830
>>
>> Quoting the page:
>>
>> The BfArM points out critical vulnerabilities in the real-time operating
>> systems of various vendors. Details can be found here:
>>
>> https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
>>
>> Affected products are:
>>
>>    - Amazon FreeRTOS, Version 10.4.1
>>    - Apache Nuttx OS, Version 9.1.0
>>
>> So probably not the best ad for NuttX in medical devices.
>>
>> And a bit below:
>>
>> Real-time operating systems – especially QNX and VxWorks – are used in
>> many medical devices;
>>
>> The list looks generic. Again, maybe I am wrong; yes, I have read the URL.
>>
>>
>>
>> If your company decides to use NuttX, please talk about it at our NuttX
>> Conference (NuttX International Workshop); this way more people will have
>> confidence to use NuttX on medical devices too!
>>
>> That would be frightening, to be honest. Participating in a conference is
>> NOT a safety certification.
>>
>> Such a medical device would require MANY certifications by independent
>> bodies, and it would likely require many audits to ascertain the safety of
>> the OS for life critical applications.
>> Also, certification of ONE device run by NuttX will NEVER mean that NuttX
>> is generally safe whatever the product.
>>
>> I do not want anyone killed because of NuttX, and indirectly by my
>> contributions. So safety and prudence are of utmost importance here.
>>
>> So: not impossible, but that would be some huge development and testing
>> work, and safety is definitely not built into NuttX.
>>
>> Safety is per-product and any use of NuttX in a safety product requires
>> certification work. The facts described by Alan are useful in showing that
>> it can be achieved somewhat, but nothing more.
>>
>> Sebastien
>>
>>
>>
>> BR,
>>
>> Alan
>>
>> On Friday, January 3, 2025, Yousif Askar <yousif.as...@bd.com.invalid>
>> wrote:
>>
>>> Hello!
>>>
>>> My name is Yousif Askar, and I'm a software engineer at the global
>>> medical device company Becton, Dickinson, & Co. My team and I discovered
>>> NuttX recently and were wondering if it is utilized in the medical device
>>> industry often. We know it to be a wonderful low-power RTOS but are not
>>> sure of the types of industries in which it is utilized, as I have not been
>>> able to find any documentation online outlining such information.
>>>
>>> Thank you!
>>>
>>> Yousif Askar (he/him)
>>> Software Engineer
>>> UCC
>>> yousif.as...@bd.com
>>> 321 South Taylor Avenue
>>> Louisville, CO, 80027
>>> US
>>> bd.com
>>>
>>>
>>
